Encrypt the Web with HTTPS Everywhere

San Francisco - The Electronic Frontier Foundation (EFF), in collaboration with the Tor Project, has launched an official 1.0 version of HTTPS Everywhere, a tool for the Firefox web browser that helps secure web browsing by encrypting connections to more than 1,000 websites.

HTTPS Everywhere was first released as a beta test version in June of 2010. Today's 1.0 version includes support for hundreds of additional websites, using carefully crafted rules to switch from HTTP to HTTPS. HTTPS protects against numerous Internet security and privacy problems, including the search hijacking on U.S. networks that was revealed by an article published today in New Scientist magazine. The article, entitled "US internet providers hijacking users' search queries," documents how a company called Paxfire has been intercepting and altering search traffic on a number of ISPs' networks. HTTPS can prevent such attacks.

"HTTPS secures web browsing by encrypting both requests from your browser to websites and the resulting pages that are displayed," said EFF Senior Staff Technologist Peter Eckersley. "Without HTTPS, your online reading habits and activities are vulnerable to eavesdropping, and your accounts are vulnerable to hijacking. Today's Paxfire revelations are a grand example of how things can go wrong. EFF created HTTPS Everywhere to make it easier for people to keep their user names, passwords, and browsing histories secure and private. With the revelation that companies like Paxfire are out there, intercepting millions of people's searches without their permission, this kind of protection is indispensable."

HTTPS Everywhere 1.0 encrypts connections to Google Image Search, Flickr, Netflix, Apple, and news sites like NPR and the Economist, as well as dozens of banks. HTTPS Everywhere also includes support for Google Search, Facebook, Twitter, Hotmail, Wikipedia, the New York Times, and hundreds of other popular websites.

However, many websites have not implemented HTTPS at all. On sites that are HTTP-only, users still have to live with lower levels of privacy and security.

"More websites should implement HTTPS to help protect their users from identity theft, viruses, and other security threats," said Senior Staff Technologist Seth Schoen. "Our Firefox extension is able to protect people using Google, DuckDuckGo or StartingPage for their searches. But we currently can't protect Bing and Yahoo users, because those search engines do not support HTTPS."

HTTPS Everywhere has been downloaded millions of times since last year's initial beta release.

Related Updates

We’ve learned that the FBI has been misinforming Congress and the public as part of its call for backdoor access to encrypted devices. For months, the Bureau has claimed that encryption prevented it from legally searching the contents of nearly 7,800 devices in 2017, but today the Washington Post ...

A group of researchers recently released a paper that describes a new class of serious vulnerabilities in the popular encryption standard PGP (including GPG) as implemented in email clients. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of...

If you have disabled the PGP plugin from your mail client and saved a copy of an encrypted email to your desktop, this guide will help you read that message in as safe a way as possible given what we know about the vulnerability described by EFAIL. Note that the...

Researchers have developed code exploiting several vulnerabilities in PGP (including GPG) for email, and theorized many more which others could build upon. For users who have few—or even no—alternatives for end-to-end encryption, news of these vulnerabilities may leave many questions unanswered. Digital security trainers, whistleblowers, journalists, activists, cryptographers...

If you have disabled the PGP plugin from your mail client and saved a copy of an encrypted email to your desktop, this guide will help you read that message in as safe a way as possible given what we know about the vulnerability described by EFAIL. 1. Open the...

If you have disabled the PGP plugin from your mail client and saved a copy of an encrypted email to your desktop, this guide will help you read that message in as safe a way as possible given what we know about the vulnerability described by EFAIL. 1. Open Finder...

After disabling the GpgOL plugin, you will need to save encrypted messages as files on your hard drive in order to view them later on. 1. Select the encrypted message. 2. Right-click the file ending in “.asc”, then click “Save As.” 3. Click on “Desktop” to choose where you...

After disabling the GPGTools plugin for Apple Mail, you will need to save encrypted messages as files on your hard drive in order to view them later o 1. Select the encrypted message. (Note: If you have followed the instructions for how to disable GPG in Apple Mail correctly...

After disabling Enigmail, you will need to save encrypted messages as files on your hard drive in order to view them later on. These instructions will work on most desktop operating systems. 1. Select the encrypted message. 2. Click on the hamburger menu (the three horizontal lines). 3. Hover...